Back to listing
David Thaw

David Thaw

Assistant Professor of Law and Information Sciences

David Thaw is an Assistant Professor of Law and Information Sciences at the University of Pittsburgh and an Affiliated Fellow of the Information Society Project at Yale Law School. His research and scholarship examine the regulation and impact of Internet and computing technologies, with specific focus on cybersecurity, privacy, cybercrime, and cyberwarfare.

Prior to joining the Pitt faculty, David taught at the University of Connecticut and the University of Maryland. He also practiced cybersecurity and privacy regulatory law at Hogan Lovels (formerly Hogan & Hartson) and was previously a Postdoctoral Fellow at Yale Law School.

David holds a PhD from UC Berkeley's School of Information, a JD from Berkeley Law, an MA in Political Science from UC Berkeley, a BS in Computer Science and a BA in Government & Politics from the University of Maryland. 

JD, Berkeley Law
PhD, University of California, Berkeley
MA Political Science, University of California Berkeley
BA, University of Maryland, College Park
BS, University of Maryland, College Park


  • Data Breach (Regulatory) Effects, 2015 Cardozo L. Rev. de novo 105 (2015). Available on SSRN.
  • Reasonable Expectations of Privacy Settings: Social Media and the Stored Communications Act, 13 Duke L. & Tech. Rev. 36 (2015). Available on SSRN
  • Surveillance at the Source, 103 Ky. L. J. 405 (2015). Available on SSRN.
  • Enlightened Regulatory Capture, 89 Wash. L. Rev. 329 (2014). Available on SSRN.
  • Invited Blogging: Enlightened Regulatory Capture, REGBLOG (Nov. 12, 2013).
  • The Efficacy of Cybersecurity Regulation, 30 Ga. St. U. L. Rev. 287 (2014). Available on SSRN
  • Invited Congressional Testimony: Reporting Data Breaches: Is Federal Legislation Needed to Protect Consumers?, Hearing Before the House Energy & Commerce Comm., Subcomm. on Commerce, Mfg., & Trade, 113th Cong. (July 18, 2013) (Testimony of David Thaw, Visiting Assistant Professor of Law, University of Connecticut).
  • Invited Blogging: A Flexible Approach to Cybersecurity Regulation, REGBLOG (July 9, 2013).
  • Criminalizing Hacking, Not Dating: Reconstructing the CFAA Intent Requirement, 103 J. Crim. L. & Criminology 907 (2013). Available on SSRN.
  • When Machines Are Watching: How Warrantless Use of GPS Surveillance Technology Terminates The Fourth Amendment Right Against Unreasonable Search, 121 Yale L. J. Online 177 (2011) (with Priscilla Smith, Nabiha Syed & Albert Wong). Available on SSRN.
  • User Choices and Regret: Understanding Users' Decision Process about Consensually Acquired Spyware, 2 I/S: J. L. & Pol. Info. Soc'y 283 (2006) (with Nathaniel Good, Jens Grossklags, Aaron Perzanowski, Deirdre Mulligan, & Joseph Konstan). Available on SSRN.

Scientific, Policy, and Other Academic Publications (Selected):